New Zealand: CERT NZ issues Cyber Change guide for organisations to use in cybersecurity messaging
The Ministry of Business, Innovation and Employment's CERT NZ ('CERT NZ') published, on 18 August 2022, its guide, developed in collaboration with The Research Agency, titled Cyber Change: Behavioural Insights for Being Secure Online, which covers behaviour change techniques aimed at prompting positive cybersecurity actions. In particular, the guide intends to aid government and industry agencies working in the area of online security in order to share insights about how to improve the effectiveness of cybersecurity interventions.
More specifically, the guide supports the COM-B model, which states that, in order to influence behaviour ('B'), organisations must consider the capability ('C'), opportunity ('O'), and motivation ('M') of users. Furthermore, the guide outlines, among other things, that capability includes making recommended settings default, overcoming ambiguity by educating the user, reframing key vocabulary such as passphrases, making it socially acceptable to reject scam calls, chunking recommended actions into meaningful groups, and facilitating the reporting of online security incidents.